Two Chinese nationals indicted for carrying out Anthem data breach

May 10, 2019

The large scale breach suffered by Anthem Inc., the largest health insurance company in the US, in 2014 that resulted in the loss of personal details of over 79 million customers was carried out by a "sophisticated hacking group" based in China.

In June 2017, Anthem Inc. agreed to pay $115 million as a settlement amount to affected customers for failing to prevent the leakage of their personal information to hackers. Despite the payout, Anthem continued to contend that the cyber-attack did not compromise medical or financial information of customers.

Anthem's computer systems were infiltrated by Chinese hackers

On Thursday, two Chinese nationals were indicted by the U.S. Southern District of Indiana for carrying out "one of the worst data breaches in history" as well as for targeting other large businesses in the United States.

"The allegations in the indictment unsealed today outline the activities of a brazen China-based computer hacking group that committed one of the worst data breaches in history. These defendants allegedly attacked U.S. businesses operating in four distinct industry sectors, and violated the privacy of over 78 million people by stealing their PII," said Assistant Attorney General Brian A. Benczkowski.

According to a press release issued by the US Department of Justice, a 32-year-old Chinese hacker named Fujie Wang and several others who belonged to a sophisticated hacker group based in China illegally infiltrated computer systems of Anhem Inc and three other large businesses located in the United States in 2014.

Once infiltration was achieved, the hackers installed specialised malware in the affected systems that helped them identify and exfiltrate personally identifiable information (PII) and confidential business information.

According to the indictment, in order to deploy specialised malware in targeted computer systems, members of the China-based hacker group sent specially-tailored “spearfishing” emails with embedded hyperlinks to employees. Aside from deploying malware, the hyperlinks also installed backdoors in computer systems that provided remote access to such systems through a server controlled by the hacker group.

Once the hackers identified personally identifiable information (PII) and confidential business information of interest to them, they stole such data by placing it into encrypted archive files and then sending it through multiple computers to destinations in China.

Once the data was exfiltrated, the hackers deleted the encrypted archive files from the affected computer networks in order to avoid detection. However, since Anthem notified the FBI about the intrusion into its computer systems as soon as the intrusion was detected, the FBI was able to investigate the cyber incident and identify the China-based hacker group behind the hacking attacks.

"Because the victim companies promptly notified the FBI of malicious cyber activity, we were able to successfully investigate and identify the perpetrators of this large-scale, highly sophisticated scheme," said FBI Assistant Director Matt Gorham. "This case is significant not only because it showcases the FBI’s cyber investigative capabilities, but also because it highlights the importance of FBI and private industry relationships."

"Anthem's cooperation and openness in working with the FBI on the investigation of this sophisticated cyber-attack was imperative in allowing for the identification of these individuals. This also speaks to the strong partnerships the FBI has with the private sector, as well as the tenacity and global reach of the Bureau," said Special Agent in Charge Grant Mendenhall.

China regularly sponsoring cyber attacks on US companies

This isn't the first time that Chinese nationals have been found to be behind among the worst cyber attacks on US-based organisations. In December last year, The New York Times revealed that the massive hacking operation last year that compromised personal and financial information of up to 500 million people who made bookings at Marriott International's Starwood hotels was carried out by hackers sponsored by China's Ministry of State Security.

According to sources contacted by The New York Times, China's Ministry of State Security has been sponsoring such massive cyber attacks as part of an information gathering exercise to build an extensive database of U.S. government officials and executives with security clearances.

Aside from obtaining sensitive information about U.S. citizens, it is also believed that China's premier security agency is also sponsoring cyber operations to steal precious intellectual property owned by U.S. firms. China is also reportedly forcing U.S. firms that intend to enter the Chinese market to hand over valuable technology to state agencies.

Sources also told NYT that China is also using such massive troves of data to "root out spies, recruit intelligence agents and build a rich repository of Americans’ personal data for future targeting".

In August 2017, the FBI also arrested Yu Pingan, a Shanghai resident, for carrying out a cyber-attack on the US Government's Office of Personnel Management (OPM) in 2014 and stealing biometric data, including fingerprints, belonging to an estimated 5.6 million citizens and also stealing sensitive information about 21.5 million current and former federal employees, including military personnel.

About The Author

Jay Jay is a freelance technology writer for teiss. He has previously written news articles, device reviews and features for Mobile Choice UK website and magazine, as well as writing extensively for SC Magazine UK, Tech Radar, Indian Express, and Android Headlines.

A massive phishing campaign aimed at stealing Okta, Office 365 and Outlook account credentials of victims has been found targeting a number of United Nations humanitarian organisations such as UNICEF …